Details
Assignee: Unassigned
Reporter: onms security jira
Labels:
Priority: Trivial
Created July 21, 2023 at 10:29 PM
Updated July 21, 2023 at 10:29 PM
Impact
Output from the synchronous version of `shell.exec()` may be visible to other users on the same system. You may be affected if you execute `shell.exec()` in multi-user Mac, Linux, or WSL environments, or if you execute `shell.exec()` as the root user.
Other shelljs functions (including the asynchronous version of `shell.exec()`) are not impacted.
Patches
Patched in shelljs 0.8.5
Workarounds
Recommended action is to upgrade to 0.8.5.
References
https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/
For more information
If you have any questions or comments about this advisory:
Ask at https://github.com/shelljs/shelljs/issues/1058
Open an issue at https://github.com/shelljs/shelljs/issues/new
Repository: OpenNMS/newts (https://github.com/OpenNMS/newts)
Dependabot: https://github.com/OpenNMS/newts/security/dependabot/42
CVE:
CVSS:
GHSA: GHSA-64g7-mvw6-v9qj
Severity: medium
Ecosystem: npm
Package Name: shelljs
Vulnerable Version Range: < 0.8.5
First Patched Version: 0.8.5